-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is everyone else seeing ICMP echo request packets sent to random IP's from what appear to be insecure windows machines? The pings seem to be appearing every few minutes, and don't seem to be isolated to any particular ISP, or even anywhere in particular in the world, which is easily confirmed by ssh'ing to machines in the US and EU and doing tcpdump and seeing exactly the same traffic. The pings look like: 00:53:59.511049 61.85.33.233 > xx.xx.xx.xx: icmp: echo request (ttl 114, id 32026, len 92) 0x0000 4500 005c 7d1a 0000 7201 028e 3d55 21e9 E..\}...r...=U!. 0x0010 xxxx xxxx 0800 fba0 0400 a309 aaaa aaaa .m.M............ 0x0020 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa ................ 0x0030 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa ................ 0x0040 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa ................ 0x0050 aaaa aaaa aaaa aaaa aaaa aaaa ............ This seems to have been going on for quite a long time (a week? two weeks?) and the source addresses seem rather varied. Current speculation is that this is an attack on the source address done by spoofing the source to be the target and sending to legitimate destination addresses. Does anyone have any more information? - -- Xerox does it again and again and again and ... -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Only when you are sure they have you, can you stop being paranoid iD8DBQE/QM/rcAgRpy8z8UQRAjAIAKC8So3A3cRgOuIjJYx9M6GwMMQ0ewCgj5+u kmG5NtMLnUx71k7c6eyQpyI= =LEDs -----END PGP SIGNATURE-----